Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Current »

This page details user authentication and access within Behavioral Engagement Platform™️.


Table of Contents


What is Identity and Access Management

At Symend, securing your data is our top priority. Across cloud services, attacks on user credentials sit at the top of the threat landscape. Symend’s Identity and Access Management help mitigate all attacks on user credentials by enforcing authentication and authorization controls. Let’s examine those controls so you understand our security model.


Who Uses User Authentication at Symend

Authentication is the process of verifying the identity of the user logging into the Symend application. To minimize attacks on user credentials, Symend enforces Multi-Factor Authentication (MFA) in addition to traditional password-based authentication.

The combination of a complex password and MFA ensures that Symend secures our authentication process. Our MFA model utilizes our partnership with Microsoft and their Authenticator tool to ensure only your people are accessing your data.

You can learn more about inviting your team members into the application by checking out our Get Started: Users, Roles, and Permissions article.


Why Use a complex password

We recommend that you take these steps to ensure your password is secure and protected from a brute-force attack:

  • Make passwords long. This is the best way to keep it secure. At least 15 characters are best.

  • Use a mix of characters: upper-case and lower-case, numbers, and symbols.

  • Avoid common substitutions. For example, avoid using and changing a word like DOORBELL to D00R8377 (known as leetspeak). Random character placement is more effective.

  • Don’t use easy letters close together on your keyboard which is easy to guess (for example, avoid “Qwerty”). Instead, use a longer phrase like “MyDog45isA%nice%” which mixes all the best practices, and you can easily remember.


Managed Single-Sign-On (SSO)

You can integrate Symend authentication with your identity provider to manage users and credentials centrally. You must create a support request to configure SSO for the Symend Application, which will be done in conjunction with your Client Delivery Representative.


User Authorization

Authorization is the process of validating if the authenticated user has permission to access a component of the Symend application.

Symend minimizes unauthorized user access by using role-based access control, which enforces a separation of duties. Each user persona in the platform has a distinct role, such as playbook designer, segment designer, org system admin, org security admin, etc.

You can learn more by checking out our User Management article.


Understanding the Access Model

Users are created and managed by you and your people at the client level, while all the authorization (roles) are managed by Symend administrators at the organization level.

You can learn more by checking out our Access Model Structure document. This model helps to simplify the access granted to users, in addition to enforcing the separation of duties.

To give you more context, let’s consider the following scenario using an example with the fictional client “NeutralComp.”

  • NeutralComp is a client or tenant with two organizations under it (orgs)

    • NeutralComp Financial

    • NeutralComp Internet

  • Cecile is a security administrator for NeutralComp Financial

  • Camila is a security administrator for NeutralComp Internet

  • Cecile creates a user, "Patty" from the “Settings -> Users and Permissions” page in the Application

    • Cecile grants the appropriate roles to Patty for NeutralComp Financial

    • Since Patty is created at the NeutralComp tenant (top level), Camila will now be able to see Patty from the User Management page

  • Camila must grant Patty a role (or set of roles) within NeutralComp Internet

  • This allows Patty to access the NeutralComp Internet organization

NOTE: All roles are bound to the context of an organization (NeutralComp).


Trust-but-Verify with Audit Trail

The Symend Platform tracks all user authentication actions by our clients. You can provide you with the log of user authentication on request by your organization. You simply created a support request with the desired time period and we’ll get you the audit trail for your user authentication activities.


Securing Sensitive Data by Default

Data security is built into our Symend platform by default. This ensures that we minimize the exposure to any sensitive data by masking the Personally Identifiable Information (PII) data. Any user or service can access PII data in clear text, only if they have a Trusted User role in the system.

  • No labels